iptables generic INPUT rule
Bill Davidsen
davidsen at tmr.com
Thu Nov 8 23:38:22 UTC 2007
Joe Tseng wrote:
> I recall seeing an example rule where the person allowed all established
> connections; it went something like this:
>
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> Is this a safe generic rule to have? Or is it better for me to state
> every case explicitly?
Good, safe, and should be first. Rules are processed in order, so you
reduce the overhead by putting the most likely case first, in this case
ESTABLISHED.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
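
Added example, not part of the original post: a small shell check for the ordering advice in the reply above, reporting where the RELATED,ESTABLISHED accept rule sits in the INPUT chain. It reads text in `iptables -S INPUT` format; the function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Print the 1-based position, among the -A INPUT rules, of the first rule that
# accepts RELATED,ESTABLISHED traffic. Exit status 1 if no such rule exists.
# Input on stdin is text in `iptables -S INPUT` format.
established_rule_position() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            n++
            # Accept either the older "state" match or the "conntrack" match.
            if (!found && /-j ACCEPT/ &&
                /--(state|ctstate) [A-Z,]*ESTABLISHED/) {
                found = n
            }
        }
        END {
            if (!found) exit 1
            print found
        }
    '
}

# Summarise a ruleset passed as a string: 0 = first, 1 = later, 2 = missing.
check_ruleset() {
    pos=$(printf '%s\n' "$1" | established_rule_position) || {
        echo "no RELATED,ESTABLISHED accept rule in INPUT"; return 2; }
    if [ "$pos" -eq 1 ]; then echo "ok: rule is first"; return 0; fi
    echo "rule is at position $pos: $((pos - 1)) rule(s) are checked before it"
    return 1
}

# Constructed sample: the rule is first, as the reply recommends.
sample_good='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: the same policy, but the rule is evaluated last.
sample_late='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

check_ruleset "$sample_good" || :
check_ruleset "$sample_late" || :
```

On a live host the same function can be fed from `iptables -S INPUT | established_rule_position`, run as root.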